4.4 CR Apr 27
Network Impact of Post-Quantum Certificate Chain sizes on Time to First Byte in TLS Deployments
Matthew Chou, Phuong Cao
Post-Quantum Cryptography (PQC) is a rapidly growing deployment challenge as cryptographically relevant quantum computers (CRQC) continue to advance, leaving traditional cryptographic algorithms used in X.509 vulnerable to attack. However, PQC introduces significant deployment challenges in real-world networks, with handshake sizes increasing from 5x to over 20x compared to classical algorithms. In this work, we evaluate the time to first byte (TTFB) under CDN-focused TLS conditions to characterize the latency cost of transitioning existing internet infrastructure to quantum-safe certificate schemes. We observe discrete increases in TTFB as certificate chain sizes exceed transport layer data flight limits. To isolate the impact of certificate chains, we evaluate both ECDSA and ML-DSA-based certificate schemes, generating similarly sized certificate chains through controlled addition of certificate extensions. We additionally examine how CDN properties such as session resumption, certificate size optimizations, and geographical distribution reduce latency penalties. We utilize Zeek-monitored TLS traffic through a High-Performance Computing System (NCSA) with terabyte network connectivity across the nation to quantify real-world session resumption rates. We compare CDN-driven size optimization with Merkle Tree Certificates (MTC) to examine how size reductions allow certificate chains to remain under the flight limit threshold. We find that MTC allows for 2x-3x increase in supportable certificate chain size, whereas CDN-based optimizations yield more limited reductions, supporting up to approximately 1.6x certificate chain size increase.
DC Mar 14, 2025
Characterizing GPU Resilience and Impact on AI/HPC Systems
Shengkun Cui, Archit Patke, Hung Nguyen et al.
This study characterizes GPU resilience in Delta HPC, a large-scale AI system that consists of 1,056 A100 and H100 GPUs, with over 1,300 petaflops of peak throughput. Delta HPC is operated by the National Center for Supercomputing Applications (NCSA) at the University of Illinois Urbana-Champaign. We used 2.5 years of operational data (11.7 million GPU hours) on GPU errors. Our major findings include: (i) H100 GPU memory resilience is worse than A100 GPU memory, with 3.2x lower per-GPU MTBE for memory errors, (ii) The GPU memory error-recovery mechanisms on H100 GPUs are insufficient to handle the increased memory capacity, (iii) H100 GPUs demonstrate significantly improved GPU hardware resilience over A100 GPUs with respect to critical hardware components, (iv) GPU errors on both A100 and H100 GPUs frequently result in job failures due to the lack of robust recovery mechanisms at the application level, and (v) We project the impact of GPU node availability on larger-scales and find that significant overprovisioning of 5% is necessary to handle GPU failures.
LG Mar 3, 2025
Building Machine Learning Challenges for Anomaly Detection in Science
Elizabeth G. Campolongo, Yuan-Tang Chou, Ekaterina Govorkova et al.
Scientific discoveries are often made by finding a pattern or object that was not predicted by the known rules of science. Oftentimes, these anomalous events or objects that do not conform to the norms are an indication that the rules of science governing the data are incomplete, and something new needs to be present to explain these unexpected outliers. The challenge of finding anomalies can be confounding since it requires codifying a complete knowledge of the known scientific behaviors and then projecting these known behaviors on the data to look for deviations. When utilizing machine learning, this presents a particular challenge since we require that the model not only understands scientific data perfectly but also recognizes when the data is inconsistent and out of the scope of its trained behavior. In this paper, we present three datasets aimed at developing machine learning-based anomaly detection for disparate scientific domains covering astrophysics, genomics, and polar science. We present the different datasets along with a scheme to make machine learning challenges around the three datasets findable, accessible, interoperable, and reusable (FAIR). Furthermore, we present an approach that generalizes to future machine learning challenges, enabling the possibility of large, more compute-intensive challenges that can ultimately lead to scientific discovery.
NI Mar 4, 2025
Generative Active Adaptation for Drifting and Imbalanced Network Intrusion Detection
Ragini Gupta, Shinan Liu, Ruixiao Zhang et al.
Machine learning has shown promise in network intrusion detection systems, yet its performance often degrades due to concept drift and imbalanced data. These challenges are compounded by the labor-intensive process of labeling network traffic, especially when dealing with evolving and rare attack types, which makes preparing the right data for adaptation difficult. To address these issues, we propose a generative active adaptation framework that minimizes labeling effort while enhancing model robustness. Our approach employs density-aware dataset prior selection to identify the most informative samples for annotation, and leverages deep generative models to conditionally synthesize diverse samples, thereby augmenting the training set and mitigating the effects of concept drift. We evaluate our end-to-end framework NetGuard on both simulated IDS data and a real-world ISP dataset, demonstrating significant improvements in intrusion detection performance. Our method boosts the overall F1-score from 0.60 (without adaptation) to 0.86. Rare attacks such as Infiltration, Web Attack, and FTP-BruteForce, which originally achieved F1 scores of 0.001, 0.04, and 0.00, improve to 0.30, 0.50, and 0.71, respectively, with generative active adaptation in the CIC-IDS 2018 dataset. Our framework effectively enhances rare attack detection while reducing labeling costs, making it a scalable and practical solution for intrusion detection.
LG Jan 19
Verifying Local Robustness of Pruned Safety-Critical Networks
Minh Le, Phuong Cao
Formal verification of Deep Neural Networks (DNNs) is essential for safety-critical applications, ranging from surgical robotics to NASA JPL autonomous systems. However, the computational cost of verifying large-scale models remains a significant barrier to adoption. This paper investigates the impact of pruning on formal local robustness certificates with different ratios. Using the state-of-the-art $α,β$-CROWN verifier, we evaluate ResNet4 models across varying pruning ratios on MNIST and, more importantly, on the NASA JPL Mars Frost Identification datasets. Our findings demonstrate a non-linear relationship: light pruning (40%) in MNIST and heavy pruning (70%-90%) in JPL improve verifiability, allowing models to outperform unpruned baselines in proven $L_\infty$ robustness properties. This suggests that reduced connectivity simplifies the search space for formal solvers and that the optimal pruning ratio varies significantly between datasets. This research highlights the complex nature of model compression, offering critical insights into selecting the optimal pruning ratio for deploying efficient, yet formally verified, DNNs in high-stakes environments where reliability is non-negotiable.
CR Mar 21, 2019
On Preempting Advanced Persistent Threats Using Probabilistic Graphical Models
Phuong Cao
This paper presents PULSAR, a framework for pre-empting Advanced Persistent Threats (APTs). PULSAR employs a probabilistic graphical model (specifically a Factor Graph) to infer the time evolution of an attack based on observed security events at runtime. PULSAR (i) learns the statistical significance of patterns of events from past attacks; (ii) composes these patterns into FGs to capture the progression of the attack; and (iii) decides on preemptive actions. PULSAR's accuracy and its performance are evaluated in three experiments at SystemX: (i) a study with a dataset containing 120 successful APTs over the past 10 years (PULSAR accurately identifies 91.7%); (ii) replaying of a set of ten unseen APTs (PULSAR stops 8 out of 10 replayed attacks before system integrity violation, and all ten before data exfiltration); and (iii) a production deployment of PULSAR (during a month-long deployment, PULSAR took an average of one second to make a decision).